Terraform Skill
Terraform infrastructure as code management with native CLI integration.
Overview
This skill provides comprehensive Terraform operations through the native terraform CLI. It wraps terraform commands and returns them for host execution, enabling IaC management for cloud infrastructure.
Requirements
- terraform must be installed and in PATH
- Appropriate cloud provider credentials configured (AWS, GCP, Azure, etc.)
- Valid Terraform configuration files in working directory
Tools
Core Workflow (8 tools)
init
Initialize a Terraform working directory.
Parameters:
- backend (boolean, optional): Configure backend (default: true)
- backend_config (string, optional): Backend configuration (key=value format)
- upgrade (boolean, optional): Upgrade modules and plugins
- reconfigure (boolean, optional): Reconfigure backend, ignoring saved configuration
- migrate_state (boolean, optional): Migrate state to new backend
Example:
{"upgrade": true}
plan
Generate and show an execution plan.
Parameters:
- out (string, optional): Save plan to file
- var (string, optional): Variables (key=value,key2=value2 format)
- var_file (string, optional): Variable file path
- target (string, optional): Target specific resources (comma-separated)
- destroy (boolean, optional): Plan for destroy
- refresh (boolean, optional): Refresh state before planning (default: true)
- detailed_exitcode (boolean, optional): Return detailed exit codes
Example:
{"out": "tfplan", "var": "environment=staging,region=us-west-2"}
apply
Apply changes to infrastructure.
Parameters:
- plan_file (string, optional): Apply a saved plan file
- auto_approve (boolean, optional): Skip interactive approval
- var (string, optional): Variables (key=value,key2=value2 format)
- var_file (string, optional): Variable file path
- target (string, optional): Target specific resources (comma-separated)
- parallelism (number, optional): Number of parallel operations
- refresh (boolean, optional): Refresh state before applying (default: true)
Example:
{"plan_file": "tfplan", "auto_approve": true}
destroy
Destroy Terraform-managed infrastructure.
Parameters:
- auto_approve (boolean, optional): Skip interactive approval
- var (string, optional): Variables (key=value,key2=value2 format)
- var_file (string, optional): Variable file path
- target (string, optional): Target specific resources (comma-separated)
- parallelism (number, optional): Number of parallel operations
Example:
{"target": "aws_instance.web", "auto_approve": true}
validate
Validate the Terraform configuration files.
Parameters:
- json (boolean, optional): Output in JSON format
Example:
{"json": true}
fmt
Format Terraform configuration files.
Parameters:
- check (boolean, optional): Check if files are formatted (no changes)
- diff (boolean, optional): Display diff of changes
- recursive (boolean, optional): Process subdirectories
- write (boolean, optional): Write changes to files (default: true)
Example:
{"check": true, "recursive": true}
output
Show output values from state.
Parameters:
- name (string, optional): Specific output to show
- json (boolean, optional): Output in JSON format
- raw (boolean, optional): Output raw value (for single output)
- state (string, optional): Path to state file
Example:
{"name": "instance_ip", "raw": true}
show
Show current state or a saved plan.
Parameters:
- plan_file (string, optional): Show a saved plan file
- json (boolean, optional): Output in JSON format
Example:
{"plan_file": "tfplan", "json": true}
State Management (6 tools)
state-list
List resources in the state.
Parameters:
- address (string, optional): Filter by address pattern
- state (string, optional): Path to state file
- id (string, optional): Filter by resource ID
Example:
{"address": "module.vpc"}
state-show
Show attributes of a single resource in the state.
Parameters:
- address (string, required): Resource address
- state (string, optional): Path to state file
Example:
{"address": "aws_instance.web"}
state-mv
Move a resource in the state.
Parameters:
- source (string, required): Source resource address
- destination (string, required): Destination resource address
- state (string, optional): Path to state file
- dry_run (boolean, optional): Preview the move without making changes
Example:
{
  "source": "aws_instance.old",
  "destination": "aws_instance.new",
  "dry_run": true
}
state-rm
Remove resources from the state.
Parameters:
- address (string, required): Resource addresses (comma-separated)
- state (string, optional): Path to state file
- dry_run (boolean, optional): Preview the removal without making changes
Example:
{"address": "aws_instance.temp,aws_security_group.temp", "dry_run": true}
state-pull
Pull current state and output to stdout.
Parameters: None
state-push
Push local state to remote backend.
Parameters:
- state_file (string, required): Path to state file to push
- force (boolean, optional): Force push even with newer remote state
Example:
{"state_file": "terraform.tfstate"}
Resource Management (4 tools)
import
Import existing infrastructure into Terraform state.
Parameters:
- address (string, required): Resource address to import into
- id (string, required): Resource ID in the provider
- var (string, optional): Variables (key=value,key2=value2 format)
- var_file (string, optional): Variable file path
- config (string, optional): Path to Terraform configuration
Example:
{"address": "aws_instance.web", "id": "i-1234567890abcdef0"}
refresh
Update local state file against real resources.
Parameters:
- var (string, optional): Variables (key=value,key2=value2 format)
- var_file (string, optional): Variable file path
- target (string, optional): Target specific resources (comma-separated)
Example:
{"target": "aws_instance.web"}
taint
Mark a resource for recreation on next apply.
Parameters:
- address (string, required): Resource address to taint
- state (string, optional): Path to state file
Example:
{"address": "aws_instance.web"}
untaint
Remove the taint from a resource.
Parameters:
- address (string, required): Resource address to untaint
- state (string, optional): Path to state file
Example:
{"address": "aws_instance.web"}
Workspace Management (2 tools)
workspace-list
List available workspaces.
Parameters: None
workspace-select
Select or create a workspace.
Parameters:
- name (string, required): Workspace name
- create (boolean, optional): Create workspace if it doesn't exist
Examples:
// Select existing workspace
{"name": "production"}
// Create new workspace
{"name": "staging", "create": true}
Security
This skill includes security considerations:
- Force Operations: force flag for state-push is allowed but logged as a warning
- Destructive Operations: destroy with auto_approve is allowed but logged as a warning
- Force-unlock: Intentionally not exposed as it's too dangerous for automated use
- Non-interactive: All commands include -input=false to prevent hanging
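An added example, not part of the skill's own code: the warning above covers the destroy tool, but a saved plan passed to apply with auto_approve can also delete or replace resources, so this check reads the JSON returned by show with plan_file and json and refuses such plans unless the addresses are allow-listed. The function names and the sample plan are constructed for illustration; resource_changes and change.actions are fields of Terraform's JSON plan representation.

```python
import json


def destructive_changes(plan_json, allow=frozenset()):
    """Return (address, actions) for each planned delete or replace not in `allow`.

    A replace appears as ["delete", "create"] or ["create", "delete"]
    (create_before_destroy), so testing for "delete" covers both orders.
    """
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        address = rc.get("address", "<unknown>")
        if "delete" in actions and address not in allow:
            findings.append((address, tuple(actions)))
    return findings


def gate(plan_json, allow=frozenset()):
    """True only when the plan may be applied without interactive approval.

    Fails closed: output that is not valid JSON is treated as unsafe.
    """
    try:
        return not destructive_changes(plan_json, allow)
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False


# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields the check reads. Addresses reuse the ones in this page's examples.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_security_group.temp",
         "change": {"actions": ["delete"]}},
        {"address": "aws_s3_bucket.logs",
         "change": {"actions": ["update"]}},
        {"address": "module.vpc.aws_subnet.a",
         "change": {"actions": ["no-op"]}},
    ],
})

if __name__ == "__main__":
    for address, actions in destructive_changes(SAMPLE_PLAN):
        print(f"BLOCK {address}: {'+'.join(actions)}")
    print("auto_approve permitted:", gate(SAMPLE_PLAN))
```

Run it on the output of show for the same plan file that apply will receive, so the plan that was reviewed is the plan that is applied.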
Configuration
No configuration required. Terraform uses:
- Provider credentials from environment (AWS_ACCESS_KEY_ID, GOOGLE_CREDENTIALS, etc.)
- Backend configuration from Terraform files
- Workspace from working directory
Optional environment variable:
- TERRAFORM_CMD: Path to terraform executable (default: terraform)
Workflow Examples
Basic Infrastructure Deployment
# Initialize
skill run terraform-skill init
# Plan changes
skill run terraform-skill plan --out tfplan
# Apply changes
skill run terraform-skill apply --plan_file tfplan
Multi-Environment with Workspaces
# Create staging workspace
skill run terraform-skill workspace-select --name staging --create true
# Plan with environment-specific variables
skill run terraform-skill plan --var_file staging.tfvars --out staging.tfplan
# Apply
skill run terraform-skill apply --plan_file staging.tfplan
State Management
# List all resources
skill run terraform-skill state-list
# Move a resource
skill run terraform-skill state-mv --source module.old.aws_instance.web --destination aws_instance.web --dry_run true
# Import existing resource
skill run terraform-skill import --address aws_instance.imported --id i-1234567890abcdef0
